On 14-Mar-06, at 5:12 PM, Jeff Hodges wrote:
> Well, that -- not worrying about "what the things are" -- doesn't work when one is designing a security protocol (which is what an identity protocol is). What is in the objects being exchanged, and the semantics attached to it/them, are of utmost importance to the meaning of the protocol.
Not sure where you're coming from there. By analogy LDAP moves attributes around and we don't concern ourselves in the protocol specification with what they actually are. I think DIX can achieve the same positive effect.... it moves attributes from the user's identity agent to some consuming website. I'm thinking that that attribute value could be a SAML token, in this case an attribute assertion.
John

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
